Selectable Output Control: What’s the Big Deal? June 27, 2010
Posted by Niels Thorwirth in Standards, Technologies, Video.8 comments
[Editor's note: I had been intending to write a piece on Selectable Output Control for some time, but I just haven't had the time to do the proper research. Niels Thorwirth of Verimatrix wrote this very informative piece about SOC for Verimatrix's corporate blog, which is reproduced here minus the Verimatrix commercial part.]
The FCC has recently granted a waiver filed by the MPAA to allow selectable output control for set-top box (STB) devices in the USA. The requirements for selectable output control are for a limited time and under certain conditions, but still a significant development in the evolving world of movie distribution windows.
It means that cable, satellite and IPTV operators are allowed to offer content that can only be displayed on screens with HDMI connections protected via high-bandwidth digital content protection (HDCP). Any analog or unprotected outputs from the STB device would be disabled during the viewing of that content.
The contention is that, by eliminating the “easy” piracy option of recording the signal from analog outputs of the STB, studios can now consider a new release window for their movie assets. As proposed by Time Warner Cable, it’s called “home theater on demand,” and enables operators to offer a movie for domestic consumption just 30 days after its theatrical release.
While most articles deal with the business dynamics of selling video-on-demand (VOD) movies closer to the theaters and before DVD or BluRay, let’s take a look at the security implications.
The mandatory digital watermark for digital cinema provides some forensic traceability of illegitimate recordings by identifying the theater location and screening time. This helps deter repeat offenders and inside jobs. Nonetheless, some movies are still pirated with a camcorder in cinemas. Apparently, the commercial benefits of selling that movie on illegal DVDs still outweigh the risks for professional pirates. The quality of these recordings is poor and the financial loss to studios is arguably limited in that many who accept that quality would not otherwise buy theater tickets.
It’s also unfortunate that, right after the release of any noteworthy movie on DVD or BluRay, high-quality digital movies can typically be downloaded from Internet file sharing sites in several versions and sizes. The source is of course untraceable in this situation.
This new concept of a home theater on demand window enables the delivery of movies to end user devices. Despite the restriction to HDCP protected outputs, there is no doubt that content released in this high value period will be subject to piracy of commercial and non-commercial flavor. While HDCP provides much better security then that unprotected analog output, it has vulnerabilities.
If these vulnerabilities are too difficult to exploit, pirates will be able to resort to copying content from their HD TV with an HD camcorder in the comfort of their own home – the quality of readily available equipment makes this a relatively easy option. This is where digital watermarking can be used to trace and identify piracy of either approach.
This new home theater on demand requirement takes watermarking into additional networks with specific infrastructure and legacy architecture, with new and interesting integration tasks. It also adds possibilities to make watermarking a standard solution to secure content revenues on this distribution channel.
The recent discussions we’ve had with content owners and distributors certainly indicate that the studios understand the potential of digital watermarking to plug the crucial security vulnerability that is opened by home theater on demand and is only closed in part by selectable output control.
The home theater on demand release window, after all, adds a consumer option, and I believe that the combination of selectable output control and traceability is a sufficient deterrent against piracy to keep this option valid and profitable for content owners.
SafeNet Exits Consumer DRM Business March 8, 2010
Posted by Bill Rosenblatt in DRM, Standards, Technologies.add a comment
SafeNet last month sold its consumer media DRM product lines to Authentec, a maker of fingerprint sensors based in Melbourne, FL, in a cash and stock transaction valued at US $11.3 Million plus a potential $2.5 Million earnout. The DRM assets included in the sale were the company’s DRM Fusion products, which comprise server DRM packaging and license management and DRM client software.
The DRM assets came from DMDSecure, the Dutch company that SafeNet acquired in 2005, and Beep Science, a Norwegian company that it acquired in 2008.
The deal primarily involves SafeNet’s Embedded Security division, which includes hardware and patents as well as software and expertise; the DRM assets are barely mentioned in Authentec’s press release. It is clear that Authentec wants to expand its product line from fingerprint readers to the security solutions for which they serve as authentication input.
DRM could possibly become part of such solutions, but the history of using biometrics in DRM is not particularly encouraging. The only applications of biometrics-based DRM that have existed in the market are schemes such as Musicrypt’s DMDS and Thomson’s NexGuard, which are used for “B-to-B” applications such as sending video to post-production houses or sending music to radio station chains. Such applications are valuable and fairly widely used, but their scale is nowhere near that of OMA DRM (especially OMA DRM v.1).
The SafeNet management team responsible for DRM Fusion and the OMA DRM software has gone over to Authentec and will continue to sell and support the products. Perhaps they will find synergies between the DRM technology and Authentec’s biometric products in consumer applications after all. But otherwise it’s difficult to read anything into this other than a consolidation of the OMA DRM market — a potential loss of one of the technology’s primary independent suppliers. CoreMedia of Germany and MarkAny of South Korea are virtually the only ones left.
Apple Joins E-Book Reader Competition January 27, 2010
Posted by Bill Rosenblatt in Devices, DRM, Publishing, Standards.1 comment so far
Apple’s new iPad tablet device will include a proprietary e-book reader application called iBook, available for free from the App Store. iBook will use the International Digital Publishing Forum’s standard ePub format. But that does not mean that iBook e-books will be readable on other ePub-compliant devices such as the Sony Reader and Barnes & Noble Nook. Each of these devices uses its own DRM, which is not part of the ePub standard.
The “openness” of Apple’s e-book format is, thus, no more “open” than its music format was before iTunes went DRM-free: it was based on a standard codec — MPEG-4 AAC, the same as RealNetworks has used — but the files were protected by FairPlay DRM. In all likelihood, Apple will be using a variant of FairPlay to encrypt e-books from publishers that require DRM, just as it uses a variant of FairPlay for video content on iTunes.
In other words, Apple has opted to go head-to-head with Amazon, B&N, Sony, and others in the e-book reader sweepstakes — with a device that costs two to three times the prices of the others.
Apple had other choices for its iPad publishing strategy. It could have used Adobe’s Digital Editions/Content Server DRM, which is used by Sony, B&N, and most other platforms besides Amazon’s Kindle and Mobipocket — thereby providing some degree of interoperability with other readers and helping to compete with Amazon. But Apple doesn’t like getting too close to Adobe — witness the (continued) lack of Flash support on the iPad, just like on iPhones.
Apple could also have adopted an entire e-reader ecosystem that works on multiple devices in addition to its own, by acquiring one of the existing players such as Zinio or Texterity. But that would be even more out of character.
Or, Apple could have not bothered with an e-reader strategy and simply said, “We have a great SDK, and we look forward to working with publishers to develop breakthrough apps for their content.” That would have been a reasonable choice, if an underwhelming one amid all the hype.
No one doubts that Apple will be a serious contender in e-books with the iPad, especially assuming that it adapts its iBook app for iPhones and Macs (and PCs?).
So what has happened here? From this perspective, the e-book DRM mess just got messier today.
Correction to Story on CoreMedia January 21, 2010
Posted by Bill Rosenblatt in DRM, Standards, Technologies.add a comment
I have posted a correction to the story on CoreMedia’s DRM server offering from earlier this week. This post serves to ensure that email and RSS subscribers see the correction. Again, I apologize to CoreMedia and to readers for the errors (which resulted from – in essence – a key piece of information about CoreMedia’s new offering having gotten caught in my spam filter).
CoreMedia Changes OMA DRM Server Offering [CORRECTION] January 19, 2010
Posted by Bill Rosenblatt in DRM, Standards, Technologies.add a comment
[This replaces yesterday's story on CoreMedia, which contained inaccuracies owing to miscommunications. I apologize to CoreMedia and to readers for the mistake.]
CoreMedia, a leading provider of server and client software for multiple DRMs, is replacing its server software product in favor of an SDK approach to server software. Instead of an OMA DRM server software package, the company will now offer what amounts to a toolkit that enables customers and integrators to build applications that include DRM packaging and license management.
The move is an acknowledgement that more of CoreMedia’s customers — which include many wireless networks, handset makers, and service providers — want to be able to integrate DRM capabilities into their own back ends rather than just use a standalone server product. The SDK offering — and the discontinuation of the standalone server software — are a sign of service providers’ increasing sophistication in building premium content services.
DECE Sets a New Direction January 7, 2010
Posted by Bill Rosenblatt in Devices, DRM, Standards, Technologies, Video.4 comments
After several months of silence, the Digital Entertainment Content Ecosystem (DECE) consortium is coming forth with a group of announcements timed to this week’s Consumer Electronics Show in Las Vegas.
The public press release provides high-level details of the latest developments, but it captures neither the change in strategy that DECE has undergone over the past year nor the potential shift in digital media supply-chain dynamics that it enables. I was able to get a sense of these through a conversation with Mitch Singer, the Sony Pictures executive who leads DECE.
DECE started, roughly two years ago, as a so-called rights locker scheme, in which an online content retailer stored information about content that each user has purchased. The user then had the right to download the content in the format of his choice, as long as the format included a DECE-compliant DRM. This scheme would have required retailers and content delivery networks to maintain multiple versions of each content item (such as a digital movie) as well as detailed information about customers and their purchases.
Amazon.com currently maintains a scheme not unlike this, for e-books as well as (to some extent) video content. Kindle users can view their e-books on other devices, such as iPhones (and soon BlackBerrys), and pick up where they left off from another device. Purchasers of certain DVDs and Blu-ray discs on Amazon can also view them on demand through the site through Amazon’s Disc+ On Demand.
Yet the original DECE rights locker concept was problematic for service providers on a couple of levels. I worked with a large network service provider on strategy for a rights locker-based content retail scheme back when DECE — then called Open Market — was just getting under way. The network service provider was intrigued by Open Market but chose not to go forward. One of the reasons: it would have cost a huge amount of money just to get started. In addition to building expensive technical infrastructure virtually from scratch, the company would have had to pay for multiple licenses for each content item, one for each supported format.
The new DECE architecture ameliorates the cost and complexity issue in a major way. Instead of enabling or requiring retailers to store multiple versions of each piece of content, it standardizes on a single file format, thereby requiring them to only store one file (actually, one file for each resolution of content, such as portable, standard def, and high def). And it offloads the rights locker and customer authentication tasks to an external service provider. That provider is Neustar, an established identity management service provider in the telco space that DECE selected for the task.
With the new DECE architecture, retailers need only store tokens for each purchase and need not adopt any identity management or authentication infrastructure. That’s a significant savings in startup and operating cost and complexity.
However, this architecture has a twist: all of the basic information about purchases and users’ registered devices is stored at Neustar and technically owned by DECE. (Users’ own rights to that information are as yet undefined.) Retailers will be able to access all of each customer’s purchase information: they will be able to see what a given customer purchased from other retailers as well as themselves, although they won’t be able to find out from which other retailers a given user purchased content.
That’s a new type of scheme, and it’s unclear how retailers will react to it. Retailers expect to be able to own customer information as a way to build long-term customer relationships and as a source of competitive advantage. With DECE, each retailer can still hold the usual detailed information about customers and their purchases, but the basic information about which users own which devices and what content is now shared among all retailers.
The new scheme effectively preserves the original DECE’s goal of rights locker portability, so that users could take their rights lockers to other service providers in the same way that GSM wireless subscribers can take their SIM cards from one handset to another. Now there will be just one rights locker, making user rights portability a non-issue.
Yet retailers will still need to compete more on value-added services rather than on ownership of customer information. For example, a retailer could have a better recommendation engine or social network that induces customers to come back to its site for future purchases. Or, a consumer electronics retailer could offer to pre-install all of a customer’s existing movies onto a new laptop or home media server on purchase.
The movie studios’ objective with DECE is an entirely understandable one: they want a level playing field among retailers so that no single one of them is able to dominate the economics, as Apple has done for music — and as some studios fear it will do again for video. (Disney appears to have no such fears, given its close relationship with Apple. Not only is it conspicuous by its absence from DECE but it has also announced a competing initiative called KeyChest.)
All online content retailers are clearly looking for ways to compete with Apple. But it remains to be seen whether they will find enough value in DECE to adopt it, even with the reduced startup and operational complexities that the new model offers. An encouraging sign is that some major service providers and retailers have joined the consortium: service providers include Comcast, Cox, and Liberty Global, all cable operators with ISPs; retailers include Best Buy, Tesco (the major UK retail chain), and Netflix.
But the likes of Wal-mart, Target, and their equivalents outside the US aren’t on board; nor are any major telcos. Furthermore, Best Buy is also pursuing what appears to be an overlapping effort with CinemaNow.
The other significant new piece of the DECE architecture is the definition of a new file format, whereas the original DECE was based on interoperability among several formats. The DECE file format, which will use the H.264 video codec, will be compatible with a number of DRMs; this means that it can be deployed on whatever operating platforms those DRMs support.
There are five DRM technologies on the initial compliant list: Microsoft PlayReady, Marlin, Widevine, OMA DRM v.2, and Adobe Flash Access. All of these can handle H.264. All of them can also use the US government standard AES-128 encryption algorithm; this will enable the DECE-formatted files to use encryption keys that can be used with any of the compliant DRMs.
With the standard file format, DECE has given up on its previous feature of interoperability among existing file formats and players. Instead, it will be necessary to get device makers to create DECE-compliant devices and bring them to market. It will also be possible to retrofit existing devices to handle the DECE format, by installing software (in the case of PCs) or upgrading firmware (for certain portable devices), just as would be the case for any new file format.
DECE intends to release specs in the coming months. The timetable for actual compliant devices to hit the market is to be determined, but it’s worth noting that several top-tier device makers are DECE members, including HP, Motorola, Nokia, Panasonic, Philips, Samsung, Sony, and Toshiba.
DECE represents a truly new direction for digital media supply chains, one that includes both innovations and risks. Assuming that DECE succeeds in launching with high-profile device makers and retailers, it will represent an interesting alternative for consumers that focuses on content portability and choice of retailers. It will thus be competing against Apple’s seamless user experience as well as against Amazon’s massive customer database. DECE’s chosen architecture illustrates how difficult it would be to have all of these attributes in a single content ecosystem. Consumers will have to live with each of them and choose for themselves.
Amazon Wades into Rights Locker Territory for Video December 16, 2009
Posted by Bill Rosenblatt in Business models, Services, Standards, Video.add a comment
If you buy a Kindle e-book from Amazon.com, you can also read it through the Kindle iPhone app and in various other ways. Amazon keeps track of what e-books you purchased and even what page you’re on in each one, so that you can switch from one device to another and pick up your reading from where you left off. This multi-device approach is known as a “rights locker.”
Now Amazon is taking steps to move its video capabilities towards a rights locker model. Last week, Amazon announced Disc+ On Demand, a program in which buyers of DVDs and Blu-ray discs also get an Amazon Video On Demand play of the same content. Given that Amazon Video On Demand encompasses streaming (to PCs, Macs, and other devices through hardware adapters) as well as downloads to PCs and TiVo devices, this is beginning to look quite a bit like a rights locker model – though it’s limited to certain discs for which Amazon has secured the rights, and Amazon is positioning it as a limited-time promotion.
Meanwhile, Hollywood is trying to standardize on a more generalized rights locker approach through the DECE (Digital Entertainment Content Ecosystem) consortium, as well as Disney’s recently-announced KeyChest, a streaming-only initiative.
It could take years for DECE to be ready, but the approach promises to span many more devices and delivery modalities than what Amazon is offering now. It’s just possible that Amazon could beat DECE to market with a service that’s sufficiently compelling to users to render DECE irrelevant. It looks like Amazon has the infrastructure for both rights and content delivery to pull it off.
Whether Amazon can secure enough rights from content owners is another question. The same question applies to DECE… but then Hollywood, for the most part, controls DECE. Ironically, Amazon’s Disc+ On Demand has given DECE another selling point: use our infrastructure to help us create an ecosystem that can successfully compete with the Amazon juggernaut.
As I have said before, this should sound like deja vu to those who have been following Apple and the music industry.
Microsoft’s Search-Indexing Bribe to News Corp. November 24, 2009
Posted by Bill Rosenblatt in Publishing, Rights Licensing, Standards.1 comment so far
News publishers would like to eliminate what they see as “free riding” that the major Internet search engines do on their content. The search engines index the content, make it available in search results, and monetize the traffic through ads and various other ways. Users go to search engines for their news and don’t visit the news publishers’ sites (or those of the publishers’ syndication partners), thereby depriving publishers of traffic and revenue.
Back in 2007, many news publishers — particularly in Europe — got together to develop a standard called ACAP (Automated Content Access Protocol) that was supposed to solve this problem. It would enable news publishers to specify what rights search engines should have to index their content and display it in search results. The ACAP members tried to get the major search engines — such as Google, Yahoo, and MSN — to implement ACAP, on the grounds that doing so would encourage more news publishers to make their content available to search engines.
Fast forward to November 2009 and the depressing revelation that Microsoft is in negotiations with Rupert Murdoch’s News Corp. to pay News Corp. to block Google from indexing its web content. This is perfectly feasible through the Robots Exclusion Protocol (REP) technology that ACAP purports to replace.
The problem with ACAP is, and has been, that while it benefits publishers, there is little in it for the search engines. If everyone were to implement ACAP, the search engines would get additional content to index that amounts to a minute, minuscule increment to the oceans of content that they already index — and a somewhat less minute incremental amount of monetizable traffic, on the theory that name-brand news content is more popular than average.
In other words, the economic benefits of ACAP are not equitable; the standard is not a win-win for all participants. So it’s little wonder that the elegantly-designed ACAP has been languishing; the list of ACAP participants is even no longer available on the ACAP website.
News Corp. was an early participant in ACAP through its subsidiary News Ltd. Australia. But now it is circumventing a fair resolution of the free-riding question by taking advantage of Microsoft’s hunger to promote its new Bing search engine against Google.
News Corp. may rightly claim that it does benefit from having Google index its content for discovery through search, and therefore that it needs to be compensated for the loss of traffic it would incur from being excluded from the world’s most popular search engine. But that, as we say in the technology biz, is not a scalable solution.
A proliferation of such deals will only lead to a world of confusion for users that gets even more confusing as the economics shift over time. Throwing money at the free-riding problem brings it no closer to a solution.
Good Old Fashioned Incompatibility November 12, 2009
Posted by Bill Rosenblatt in DRM, Music, Standards.1 comment so far
Princeton professor Ed Felten probably disagrees with me on various points, but one point on which I think we do agree is that “good old fashioned incompatibility” (as Felten aptly put it) can be an alternative to encryption-based DRM for controlling usage of content.
As I recently found out, Apple may have given up DRM for music, but in some ways it has replaced DRM with good old fashioned incompatibility for locking users into its iTunes/iPod media platform.
I recently recorded the audio of a personal event that consisted of speeches and performances of public-domain classical music. I used an iPod Nano 4G with a Belkin TuneTalk microphone attachment. The mic uses the iPod’s Voice Recorder functionality, which Apple had left unexposed to users until the latest version of the iPod Nano, the 5G, which has a built-in microphone.
It used to be that the iPod Voice Recorder recorded in uncompressed WAV format, which could be converted to MP3 easily within iTunes or by any of a number of music software packages, many of them free. (I still have a recording of my daughter singing from about three years ago that was made that way on a long-defunct hard disk based iPod.) But now, iPods record in ALAC, Apple’s lossless MP4 variant. The files have, confusingly, the same .m4a extensions as files in the MP4 AAC lossy codec used in iTunes.
The resulting ALAC file was half a gigabyte in size — smaller than the roughly 1.5GB that a WAV file would have been, but not exactly convenient for downloading from the Facebook page I am constructing of the personal event. I needed to compress the file further. It wasn’t necessary to preserve the pristine audio quality afforded by the lossless compression.
First I found that Apple has removed the format conversion features it used to have in iTunes. So I had to resort to third-party conversion programs. I tried about half a dozen of them on both PC and Mac. None of them worked; they gave error messages, produced spurious results, or just crashed. Now that’s what I call good old fashioned incompatibility.
Finally, someone who does professional audio production managed to convert the file to MP3 using an older version of iTunes from back when it still offered format conversion. Otherwise, the only way to do it was to burn CDs in Redbook audio format from iTunes, and then re-rip them to MP3 in a program such as Windows Media Player or Rhapsody; iTunes doesn’t support this anymore either. Not only was this a tedious process but it caused the audio to be split across multiple files because it ran longer than the capacity of a single CD.
Apple’s public story of freeing music by throwing off the shackles of DRM gets more and more disingenuous on deeper scrutiny. It’s unfortunate that the effects of Apple’s restrictions had to manifest themselves on personal, non-copyrighted material rather than the “Big Music” that everyone assumes is the root of all evil.
Disney Prepares Rights Locker Initiative October 25, 2009
Posted by Bill Rosenblatt in Business models, Standards, Video.5 comments
The Wall Street Journal has reported on Disney’s imminent announcement of an initiative with the internal name of Keychest — a proposed standard for interoperability of online video content. Keychest is a so-called rights locker technology, in which users who purchase video content from one site in one format get rights to watch it on any compliant device they own.
If you have been following the industry or reading this blog (and its predecessor, DRM Watch) for a while, this will sound familiar to you. In particular, it may sound a lot like the Distributed Entertainment Content Ecosystem (DECE), an initiative led by Mitch Singer of Sony Pictures with participants including Microsoft, Comcast, and the other major movie studios.
DECE was formally announced over a year ago, yet it has not announced much progress this year. Both Keychest and DECE expect the full impacts of their efforts to be years away.
Just what Hollywood needs: another format war.
This time, the studios can’t pin the blame on consumer electronics companies, the usual suspects in format wars. (Let’s remember Blu-ray (Sony Electronics) vs. HD DVD (Microsoft, Toshiba), and the one before that, VHS (Panasonic) vs. Betamax (Sony again).) At the same time, although studios are leading these two initiatives, technology platform companies are firmly at their backs: Microsoft in the case of DECE and, lurking in the shadows not far behind Disney, Apple in the case of Keychest.
The main differences between DECE and Keychest are that DECE focuses on video download formats, while Keychest focuses on “cloud” services and streaming. Keychest intends to be compatible with a range of streaming formats, codecs, and devices. DECE started that way for downloading but switched tactics to include a standard DECE file format in its specifications.
In truth, several elements of streaming are easier to handle than downloading. Keychest implementers won’t have to worry as much about DRM and may not have to worry at all about issues like on-device file storage, backups, and the authentication complexities around device ownership. DECE has to deal with all of these issues. On the other hand, streaming of video content at decent quality depends on fast broadband infrastructure that many people just don’t have, especially from mobile devices.
It’s theoretically possible for DECE and Keychest to join forces, because at a high level, their specs are more complementary than competitive. And according to the Wall Street Journal article, Disney executives are taking the position that service providers and movie studios could participate in both. Singer took a similar position in an article in today’s New York Times.
But let’s not kid ourselves: there was never much hope that Disney would participate in DECE; now Disney is going a step further by launching a competitive response. This is really about platform technologies and about the question that is weighing on many Hollywood digital executives’ minds: will Apple do to them what it has done to the music companies?
Bill Rosenblatt
Azita Arvani
Bill Jones
Niels Thorwirth
